MLUG: Re: [MLUG - DISCUSSION] website defacement day
Isn't that the Nimda worm?
I know CodeRed I and CodeRed II do the
?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN lines

while Nimda tries to execute any and all possible *.exe admin commands
through any and all Windows webpage servers, and all Apache does is blow it
off like nothing and just log it

On Wed, 2 Jul 2003, Stephen Montgomery-Smith wrote:

> Michael wrote:
> > Dunno how serious to take the threat but it wouldn't hurt to upgrade
> > your web servers. Obviously that includes the web server itself and all
> > additional software on the server that could be used for entry. :)
> >
> > http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2003/07/02/financial1239EDT0109.DTL&type=tech
> >
> >
>
> I am seeing quite a lot of break-in attempts on my lowly web server.  I am
> getting connection attempts to port 1433, which looks like some kind of SQL
> port.  I am also getting a lot of attempts to look at files like
> /usr/local/www/data/scripts/..%5c../winnt/system32/cmd.exe on my web server.
>
>
>
> --
> Stephen Montgomery-Smith
> EMAIL:PROTECTED
> http://www.math.missouri.edu/~stephen
>
> _______________________________________________
> discussion mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/discussion
>
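A way to sort the two kinds of probe discussed in this thread out of an Apache access log, as an added example that is not part of any post in the thread. It keys on the long `N` run and the `..%5c../winnt/system32/cmd.exe` path quoted above; the `X` padding variant, the `root.exe` name, the double-encoded `%255c` form, the log format and the sample lines are assumptions added here.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
# Code Red style: .ida query string padded with a long run of N (or X).
CODERED_RE = re.compile(r'\.ida\?(N{16,}|X{16,})', re.I)
# Nimda style: a Windows shell binary requested through the web root.
WINEXE_RE = re.compile(r'(cmd|root)\.exe', re.I)


def classify(request):
    """Return 'codered', 'nimda-style' or None for one logged request line."""
    parts = request.split(' ')
    path = parts[1] if len(parts) >= 2 else request
    if CODERED_RE.search(path):
        return 'codered'
    # Decode twice so %255c -> %5c -> backslash is normalised as well.
    decoded = unquote(unquote(path)).replace('\\', '/')
    if WINEXE_RE.search(decoded):
        return 'nimda-style'
    return None


def summarize(lines):
    """Count probes per (client, kind); list probes that did not get an error."""
    counts, served = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        kind = classify(request)
        if kind is None:
            continue
        counts[(host, kind)] += 1
        if status < 400:  # a probe answered without an error needs a closer look
            served.append((host, request, status))
    return counts, served


# Constructed sample lines using documentation-range addresses, not real logs.
T = ' - - [02/Jul/2003:10:00:01 -0500] '
SAMPLE = [
    '192.0.2.10' + T + '"GET /default.ida?' + 'N' * 224 + ' HTTP/1.0" 404 205',
    '198.51.100.7' + T + '"GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0" 404 210',
    '198.51.100.7' + T + '"GET /scripts/..%255c../winnt/system32/cmd.exe HTTP/1.0" 404 210',
    '203.0.113.5' + T + '"GET /index.html HTTP/1.1" 200 1043',
]
```

On a server that is not the intended target, `served` stays empty because every probe is answered with an error status; an entry there is the case worth investigating.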